#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered. It is a logic flaw in the way curl parses .netrc file. In certain situations, the configured password can be sent to a incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often. The issue has existed in the curl source code for almost twenty-five years. •

curl - netrc and redirect credential leak - CVE-2024-11053

•

HackerOne

curl disclosed on HackerOne: CVE-2024-11053: netrc + redirect...

## Summary: Curl has a logic flaw in the way it processes netrc credentials when performing redirects. The redirect will pass along credentials spe...

No AI tools were used in discovering or reporting the vulnerability. #noai #handcrafted #infosec #cybersecurity

Did you know that #Apple #macOS by default stores your local Spotlight searches and uses them to improve their service? This option is NOT accessible from the obvious location of "Privacy & Security" but instead from "Spotlight". #privacy #telemetry #datacollection EDIT: Apparently this option applies to all Apple devices, including iPhones, iPads and the like. I would suggest turning this off on all of them.